CyberSec.Space Logo
Back to CVE Browser

CVE-2009-3760

HIGH
7.5
CVSS Severity Score
EPSS Score0.0190%
EPSS Percentile41.51th
PublishedOct 22, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

πŸ“¦
Citrix

Xencenterweb

All versions

References & Advisories

πŸ”— http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt
πŸ”— http://securitytracker.com/id?1022520
πŸ”— http://www.exploit-db.com/exploits/9106
πŸ”— http://www.securityfocus.com/archive/1/504764
πŸ”— http://www.securityfocus.com/bid/35592
πŸ”— http://www.vupen.com/english/advisories/2009/1814
πŸ”— http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt
πŸ”— http://securitytracker.com/id?1022520

Related Vulnerabilities

CVE-2009-37598.8

Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb all...

CVE-2009-37587.5

SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attacke...

CVE-2009-37574.3

Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remo...

CVE-2009-227110.0

The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and ...